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DETAILED ACTION 

1 . This action is in response to the Amendment filed on 12/21/05. Applicant's arguments 
have been fully considered but they are not found to be persuasive. 

2. Claims 1 and 3-29 are presented for examination. 

Claim Rejections -35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to. a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1, 3, 5 and 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Stoecker et al. (hereinafter Stoecker) (US 5,850,511) in view of Hyndman et al. 
(hereinafter Hyndman) (US 6,449,643 Bl). 

4. As to claim 1, Stoecker teaches a method of administering a processor-based system, said 
method comprising the steps of: 

implementing at least one compartment for containment (containment tree) at least one 
process executable on said processor-based system (col. 5, lines 13-28, etc.); and 

providing, by said processor-based system, at least one operating system command-line 
(command line) utility executable to manipulate (by building) said at least one compartment 
(containment) (claim 2 and col. 28, lines 50-67, etc.). 
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5. Stoecker fails to explicitly teach wherein said at least one compartment defines whether 
said at least one process contained therein is allowed access to particular system resources. 
However, Hyndman teaches storing access control data pertinent to components including all 
resources accessible to the building blocks (each building block comprises a database for storing 
access control data pertinent to said component including all resources accessible to the building 
block) (see Abstract), It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to include the feature of at least one compartment defines whether said at 
least one process contained therein is allowed access to particular system resources in order to 
increase the security by obtaining the information needed to allow access to the users that have 
the rights or privileges (see Abstract). 

6. As to claim 3, Stoecker teaches wherein said at least one process is labeled to identify the 
compartment in which it is contained (col. 2, lines 11-18). 

7. As to claim 5, Stoecker teaches defining said at least one compartment in at least one 
configuration file (specification file) (col 5, lines 63-67). 

8. As to claim 7, Stoecker fails to explicitly teach wherein said implementing step 
comprises providing at least one rule that defines containment of said at least one compartment 
in at least one configuration file. However, Hyndman teaches a rule-based system for 
containment (access control) for compartments (building blocks or components) (col. 1 } lines 34- 
46, col 2, lines 26-30, see Abstract). 
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9. As to claim 8, it is rejected for the same reasons as stated in the rejections of claims 1 and 
7. 

10. As to claim 9 ? Hyndman teaches adding a new rule for a particular component, removing 
an existing rule for a particular component with the use of privileges and the administrator has 
the listing of all the rules (col 2, lines 26-30 and Abstract). 

1 1 . Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stoecker et al. 
(hereinafter Stoecker) (US 5,850,511) in view of Hyndman et al. (hereinafter Hyndman) 
(US 6,449,643 Bl), and further in view of Thalhammer-Reyero (US 5,930,154). 

12. As to claim 4, Stoecker fails to explicitly teach adding a new compartment, renaming an 
existing compartment, removing an existing compartment, resizing an existing compartment, 
adding a process to a compartment, and removing a process from a compartment. However, 
Thalhammer-Reyero teaches adding a new compartment, renaming an existing compartment, 
removing an existing compartment, resizing an existing compartment, adding a process to a 
compartment, and removing a process from a compartment (col 5, lines 39-47, col 13, lines 10- 
15, col 19, lines 60-67 through col 20, lines 1-4, col 27, lines 5-13, col 30, lines 19-20, and 
col 40, lines 3-13). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to include the feature of adding a new compartment, renaming an existing 
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compartment, removing an existing compartment, resizing an existing compartment, adding a 
process to a compartment, and removing a process from a compartment to the existing system of 
Stoecker in order to increase the control by allowing adjustments of compartments. 

13. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stoecker et al. 
(hereinafter Stoecker) (US 5,850,511) in view of Hyndman et al. (hereinafter Hyndman) 
(US 6,449,643 Bl), and further in view of Tate et al. (hereinafter Tate) (US 6,493,751 Bl). 

14. As to claim 6, Stoecker teaches command-line utilities to manipulate compartments but 
fails to explicitly teach manipulating without requiring a user to edit a configuration file. 
However, Tate teaches manipulating without requiring the actual inputting and on-screen editing 
of the .configuration files by the user (col 4, lines 6-11). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to include the feature of manipulating 
without requiring a user to edit a configuration file to the existing containment system because 
this makes the process simpler for the user (col 3, lines 45-58). 



15. Claims 10, 12, 19, and 26-27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Stoecker et al. (hereinafter Stoecker) (US 5,850,511) in view of Tate et al. 
(hereinafter Tate) (US 6,493,751 Bl). 
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16. As to claim 10, Stoecker teaches a system comprising: 

an operating system stored to computer-readable medium (memory in computer system, 
col 7, lines 29-39, etc), said operating system implementing at least one compartment 
(containment tree) to which at least one process executable on said system can be associated (col 
5, lines 13-28, etc.); 

at least one configuration file stored to computer-readable medium (memory in computer 
system, col 7, lines 29-39, etc.), said at least one configuration file defining said at least one 
compartment (specification file) (col 5, lines 63-67, etc.); and 

Stoecker teaches command-line utilities to manage and manipulate compartments but fails to 
explicitly teach manipulating without requiring a user to edit a configuration file. However, Tate 
teaches manipulating without requiring the actual inputting and on-screen editing of the 
configuration files by the user (col 4, lines 6-11). It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to include the feature of manipulating without 
requiring a user to edit a configuration file to the existing containment system because this 
makes the process simpler for the user (col 3, lines 45-58). 

17. .As to claim 12, Stoecker teaches wherein said performing management of said at least 
one compartment comprises manipulating said at least one compartment (col 1, line 39). 

18. As to claim 19, it is rejected for the same reasons as stated in the rejection of claim 10. In 
addition, Stoecker teaches an operating system command-line utility for the 
management/manipulation (claim 2 and col 28, lines 50-67, etc.). 
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19. As to claim 26-27, they are rejected for the same reasons as stated in the rejections of 
claims 10 and 12. 

20. Claims 11, 14 and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Stoecker et al. (hereinafter Stoecker) (US 5,850,511) in view of Tate et ah (hereinafter Tate) 
(US 6,493,751 Bl), and further in view of Fletcher et al. (hereinafter Fletcher) (US 
6,009,274). 

21. As to claim 1 1 , Stoecker and Tate fail to explicitly teach wherein said means for 
performing management of said at least one compartment further enables management actions 
initiated via said means for performing management to be performed dynamically, without 
requiring that the system be re-booted in order for said management actions to be effective 
within said system. However, Fletcher teaches an agent that manages components 
(compartments) dynamically, without having to. actually reboot the system (col 9, lines 3-16). It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
include the feature of wherein said means for performing management of said at least one 
compartment further enables management actions initiated via said means for performing 
management to be performed dynamically, without requiring that the system be re-booted in 
order for said management actions to be effective within said system to the existing system of 
Stoecker and Tate in order to increase the convenience and practicality (col 9, lines 3-16). 
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22. As to claim 14, it is rejected for the same reasons as stated in the rejection of claim 11. 

23. As to claim 29, it is rejected for the same reasons as stated in the rejection of claim 14. 

24. Claims 13, 15 and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Stoecker et al. (hereinafter Stoecker) (US 5,850,511) in view of Tate et al. (hereinafter Tate) 
(US 6,493,751 Bl), and further in view of Thalhammer-Reyero (US 5,930,154). 

25. As to claim 13, Stoecker and Tate fail to explicitly teach adding a new compartment, 
renaming an existing compartment, removing an existing compartment, resizing an existing 
compartment, adding a process to a compartment, and removing a process from a compartment. 
However, Thalhammer-Reyero teaches adding a new compartment, renaming an existing 
compartment, removing an existing compartment, resizing an existing compartment, adding a 
process to a compartment, and removing a process from a compartment (col 5, lines 39-47, col 
13, lines 10-15, col 19, lines 60-67 through col 20, lines 1-4, col 27, lines 5-13, col 30, lines 
19-20, and col 40, lines 3-13). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to include the feature of adding a new compartment, renaming 
an existing compartment, removing an existing compartment, resizing an existing compartment, 
adding a process to a compartment, and removing a process from a compartment to the existing 
system of Stoecker and Tate in order to increase the control by allowing adjustments of 
compartments. 
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26. - As to claim 15, Stoecker and Tate fails to explicitly teach wherein said performing 
management of said at least one compartment comprises switching from a first compartment to a 
second compartment. However, Thalhammer-Reyero teaches switching compartments using a 
graphical user interface (col 2, lines 1-16, col 5, lines. 39-47, col. 13, lines 10-15, col. 19, lines 
60-67 through col 20, lines 1-4, col. 27, lines 5-13, col 30, lines 19-20, and col 40, lines 3-13). 
It would have been obvious to one of ordinary skill in the art at the time the invention was made 
to include the feature of a graphical user interface that provides for switching from one 
compartment to another compartment to the existing compartment/containment system of 
Stoecker and Tate because this would increase the control by allowing to retrieve other 
compartments (col 2, lines 1-16). 

27. As to claim 28, it is rejected for the same reasons as stated in the rejection of claim 13. 

28. Claims 16-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Stoecker et al. (hereinafter Stoecker) (US 5,850,511) in view of Tate et al. (hereinafter Tate) 
(US 6,493,751 Bl), and further in view of Hyndman et al. (hereinafter Hyndman) (US 
6,449,643 Bl). 

29. As .to claim 16, Stoecker and Tate fails to explicitly teach at least one configuration file 
including at least one rule defining containment of said at least one compartment. However, 
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Hyndman teaches a rule-based system for containment (access control) for compartments 
(building blocks or components) (col. 1, lines 34-46, col. 2, lines 26-30, see Abstract). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
include the feature of providing at least one rule that defines containment of said at least one 
compartment in at least one configuration file to the existing system of Stoecker and Tate in 
order to increase the security by providing access control and privileges (col. 2, lines 26-30 and 
Abstract). 

30. As to claim 17, Hyndman teaches wherein said performing management of said at least 
one compartment comprises manipulating said at least one rule (col 1, lines 56-60 and col 2, 
lines 26-3 7 and Abstract). 

31. As to claim 1 8, Hyndman teaches adding a new rule for a particular component, 
removing an existing rule for a particular component with the use of privileges and the 
administrator has the listing of all the rules (col 2, lines 26-30 and Abstract). 

32. Claims 20, 22, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable by 
Hyndman et al. (hereinafter Hyndman) (US 6,449,643 Bl) in view of Stoecker et al. 
(hereinafter Stoecker) (US 5,850,511). 

33. As to claim 20, Hyndman teaches a computer-readable medium including instructions 
executable by a processor, said computer-readable medium comprising: 
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library (access control library) of software functions for managing at least one 
compartment (building block or component) implemented by an operating system, wherein at 
least one process can be associated with said at least one compartment and said at least one 
compartment defines accessibility of resources for said at least one process associated therewith 
(col 1, lines 34-46 and see Abstract); and 

said library of software functions includes at least one command-line utility executable to 
manipulate (editing) said at least one compartment (see Abstract). 

34. As stated previously, Hyndman teaches manipulating the compartment with a graphical 
user interface (GUI). Hyndman fails to explicitly teach having an operating system command- 
line utility. However, Stoecker teaches having command line utility for a containment tree (col 
5, lines 51-67, col 7, lines 29-48, etc.). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to include the feature of a command line utility for a 
containment tree to the exisiting containment/compartment system of Hyndman because it would 
increase the control of the system by providing instructions (col 5, lines 51-67, col 7, lines 29- 
-48, etc.). 

35. As to claim 22, Stoecker teaches defining said at least one compartment in at least one 
configuration file (specification file) (col 5 } lines 63-67). 

36. As to claim 24, it is rejected for the same reasons as stated in the rejection of claim 20. In 
addition, Hyndman teaches implementing and manipulating at least one rule (col 2, lines 26-29). 
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37. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hyndman et 
al. (hereinafter Hyndman) (US 6,449,643 Bl) in view of Stoecker et al. (hereinafter 
Stoecker) (US 5,850,511), and further in view of Thalhammer-Reyero (US 5,930,154). 

38. - As to claim 21, Hyndman fails to explicitly teach adding a new compartment, renaming 
an existing compartment, removing an existing compartment, resizing an existing compartment, 
adding a process to a compartment, and removing a process from a compartment. However, 
Thalhammer-Reyero teaches adding a new compartment, renaming an existing compartment, 
removing an existing compartment, resizing an existing compartment, adding a process to a 
compartment, and removing a process from a compartment (col 5, lines 39-47, col 13, lines 10- 
15, col 19, lines 60-67 through col 20, lines 1-4, col 27, lines 5-13, col 30, lines 19-20, and 
col 40, lines 3-13). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to include the feature of adding a new compartment, renaming an existing 
compartment, removing an existing compartment, resizing an existing compartment, adding a 
process to a compartment, and removing a process from a compartment to the existing system in 
order to increase the control by allowing adjustments of compartments. 

39. Claim 23 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hyndman et 
al. (hereinafter Hyndman) (US 6,449,643 Bl) in view of Stoecker et al. (hereinafter 
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Stoecker) (US 5,850,511), and further in view of Tate et al. (hereinafter Tate) (US 6,493,751 
Bl). 

40. As to claim 23, it is rejected for the same reasons as stated in the rejection of claim 10. 
However, Hyndman and Stoecker fails to explicitly teach performing manipulation of said at 
least one compartment without requiring that a user edit said at least one configuration file in 
which said at least one component is defined. However, Tate teaches manipulating without 
requiring the actual inputting and on-screen editing of the configuration files by the user (col 4, 
lines 6-11). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to include the feature of manipulating without requiring a user to edit a 
configuration file to the existing containment system because this makes the process simpler for 
the user (col. 3, lines 45-58). 

41. Claim 25 is rejected under 35 U.S.C 103(a) as being unpatentable over Stoecker et 
al. (hereinafter Stoecker) (US 5,850,511) in view of Hyndman et al. (hereinafter Hyndman) 
(US 6,449,643 Bl), and further in view of Kuhn (US 6,023,765). 

42. * As to claim 25, Stoecker and Hyndman fails to explicitly teach wherein said 
implementing a least one compartment comprises utilizing a kernel for enforcing said at least one 
compartment. However, Kuhn teaches a kernel permitting access to one or more compartments 
(col. 6, lines 50-52, col 8, lines 20-25). It would have been obvious to one of ordinary skill in 



Application/Control Number: 09/896,385 Page 14 

Art Unit: 2195 

the art at the time the invention was made to combine Kuhn with Stoecker and Hyndman because 
this would provide control to the compartments (col 6, lines 50-52, col. 8, lines 20-25). 

Response to Arguments 

43. During patent examination, the pending claims must be "given their broadest reasonable 
interpretation consistent with the specification." In re Hyatt, 21 1 F.3d 1367, 1372, 54 USPQ2d 
1664, 1667 (Fed. Cir. 2000). Applicant always has the opportunity to amend the claims during 
prosecution, and broad interpretation by the examiner reduces the possibility that the claim, once 
issued, will be interpreted more broadly than is justified. In re Prater, 415 F.2d 1393, 1404-05, 
162 U'SPQ 541, 550-51 (CCPA 1969). Both a containment tree (data, structure) and data 
building block satisfy the broadest reasonable interpretation of a compartment. 

44. Applicant argues on pages 10, 13, and 16 of the Remarks that the compartment is not 
implemented by an operating system. 

In response, the Examiner respectfully disagrees. Stoecker teaches implementing at least 
one compartment for containment (containment tree) at least one process executable on said 
processor-based system (col. 5, lines 13-28, etc.). The computer processor-based system has an 
operating system. All computer systems have an operating system in order for the processor to 
perform processing. 

45. Applicant argues on pages 11 and 14 of the Remarks that the command-line utility that 
manipulates the compartments. 
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Stoecker teaches altering compartments (containments) by user input (col 8, lines 1-6). 
The user has command line options that affect operating system execution (col 7, lines 29-30), 
The computer processor-based system has an operating system. All computer systems have an 
operating system in order for the processor to perform processing. 



Conclusion 

46. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure: 

• US 6,351,850 Bl teaches modifying partitions using a DOS or Windows 
computer operating system, such that modifying could consist of resizing an 
existing compartment, adding a new process to a compartment, removing a 
process of a compartment, etc. (see Abstract). 

• US 6,470,434 Bl teaches adding, deleting or modifying partitions using a DOS 
computer operating system (col 7, lines 12-24, etc.). 

47. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenneth Tang whose telephone number is (571) 272-3772. The 
examiner can normally be reached on 8:30AM - 6:00PM, Every other Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai An can be reached on (571) 272-3756. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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